summaryrefslogtreecommitdiff
path: root/identity/binder
AgeCommit message (Collapse)Author
2022-12-09identity: Add support for setting minimum validity period for AuthKey.David Zeuthen
This change adds support for specifying that an AuthKey should be replaced if it's going to expire within a certain amount of time configurable by the application. This also adds a way for the application to learn about the expiration time of currently configured AuthKeys. Combined these two changes allow an application to get a perfect picture of which AuthKeys are available, when they expire, and allows the application to refresh AuthKeys well ahead of expiration dates. Also remove checking storeStaticAuthenticationDataWithExpiration() is only available on HAL version 3 and later (feature version 202101 and later). This works on any HAL version. Bug: 241912421 Test: atest VtsHalIdentityTargetTest Test: atest android.security.identity.cts Change-Id: Ic8274088035c31f73ad61645ee5e0281b3460837
2022-12-09identity: Add support for ECDSA auth and don't require session encryption.David Zeuthen
This change uses new API in Identity Credential HAL version 5 and later to obtain the mdoc ECDSA authentication signature and pass it to the framework API. Bug: 241912421 Test: atest VtsHalIdentityTargetTest Test: atest android.security.identity.cts Change-Id: I4bb8ba8c4a46a91791af9e0e48c81894d896a2d0
2022-01-10identity: Add multi-document presentation support.David Zeuthen
Also fix a bug so the same AuthKey is used for several getEntries() calls on a credential. This matches the behavior in the Jetpack. Bug: 197965513 Test: New CTS tests and new screen in CtsVerifier Change-Id: I344f44b5655f0977ee650b518ce669e3c8a7b47a
2021-01-22Credstore changes for Android 12David Zeuthen
- Add Credential.proveOwership() - Add Credential.deleteWithChallenge() - Add Credential.updateCredential() - Add Credential.storeStaticAuthenticationDataWithExpirationDate() - Store this on disk. For entries stored without this parameter assume they never expire. - Add allowUsingExpiredKeys to Credential.selectAuthKey() and Credential.getEntries() - Unless set to true, never select an expired key - Introduce ERROR_NOT_SUPPORTED and return this if HAL does not support operation Bug: 170146643 Test: atest android.security.identity.cts Change-Id: Ic5dafc6498c9c59b82942def9d348d974f008589
2020-01-16Add credstore system daemon.David Zeuthen
The credstore system daemon is sitting below the Identity Credential Framework APIs and on top of the Identity Credential HALs. Its main job is to store credential data and provide a way for applications to communicate with the secure hardware abstracted by the HAL. This daemon runs as an unprivileged user, credstore. The auth-tokens needed by credstore are supplied by keystore and this CL includes the requisite changes to keystore for this to work. Bug: 111446262 Test: CTS tests for Framework APIs Change-Id: Ieb4d59852a143482436a1c418c25ed96e25c0047
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-25 14:23:31 +0000